Ubuntu – Suspicious SSL certificate

broadcomssl

I have a Lenovo E330 laptop running Ubuntu 14.04. Sometimes the certificate in this picture:

Prompts me when I start up the computer, and I find it looks quite suspicious.

Can anybody tell me why it's prompting me for accepting this SSL certificate and if there is a way to stop it. Please let me know if you need more information.

Best Answer

Yes, this certificate looks suspicious. It might be that somebody is messing with your network and trying man-in-the-middle attacks. Please check if other hosts in the network are affected too.

If no other host is affected try to find out when exactly you get this message, that is which host gets accessed in this case. It might also be that there is a router or similar device in your network with an expired certificate and for whatever reason you are trying to access this host.

Related Solutions

Ubuntu – Installing a SSL certificate

You do not need to modify any of those files..

Ill run you through the full process on how to setup so it may help new users using ISPConfig,

On ISPConfig3

on, Sites, and then clicking your domain, and the SSL Tab, Now, entering your SSL info and clicking the SAVE button to generate a SELF SIGNED SSL CERT,

for the “SSL Key”, “SSL Request” and “SSL Certificate” to appear.

(may take up to 2 mins or less to appear)

When asked for the CSR code for SSL on your website site, You copy the SSL Request into the CSR code box from ispconfig3 and your website SSL section to comodo's website CSR code box..

Please note that the certificate signing request (CSR) code, is in the "SSL Request" field.

To better familarize you, The “RSA Key” is in the “SSL Key” field.

At some point Comodo will send an email with the activation code and instructions where to enter it. This is a sample email:

**Domain Control Validation for www.example.com
Dear your-email@whatevermail.com
We have received a request to issue an SSL certificate for www.example.com.
    Please ignore this email if neither you nor a trusted colleague made this 
request for a certificate 
    Otherwise, please browse here and enter the following "validation code":
    JH9Jrdtejfvsaas6234rgjfse7wjhge7

Click on the link and enter the validation code. After a few minutes Comodo will send you another email with an attachment containing four text files you were mentioning:

COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
www_example_com.crt

The trusted SSL Certificate is part of this email.

Download and extract to your PC,

inside the www_example_com.crt file.

edit it with your text editor (notepad++ if on windows or vi, nano etc on linux.)

and Copy all code into the “SSL Certificate” field, in IspConfig3.

The other three files are used to create the “SSL Bundle”.

COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt

You need to combine the files in the following order to use on Ispconfig3.

Again using your text editor: Open all these files:

COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt

Combine all of them... To Combine, Copy all code from each file, One by One In Order, into a new text file, to be sure you have everything correct.

combining should look something like this:

After you combine the three files of code in one file, Copy all the code, and enter the text in the “SSL Bundle” field.

Select “Save Certificate” and click SAVE. (Wait 2 mins or less for changes,)

then Use this tool to check if the SSL was correctly installed: https://www.sslshopper.com/ssl-checker.html

Use this tool to check if the installed SSL is of type SHA-2: https://shaaaaaaaaaaaaa.com/

Ubuntu – Are users of Ubuntu certified computers safe from OEM SSL/TLS tampering

Ubuntu's open source nature does not make it immune from the same kind of issue, where an OEM may have added malware (accidentally or deliberately), whether that be additional CA certificates or otherwise, on the images it distributes pre-installed on computers.

If you install Ubuntu yourself there are a number of measures against malicious modification by third parties: If you obtain an image of Ubuntu from an official Ubuntu source you can verify its checksum, and if you keep Ubuntu updated using APT with the official repositories you benefit from its built-in digital signing, assuring you that the images have not been tampered with by third-parties.

However, as you may suspect if Ubuntu is pre-installed by an OEM they have almost certainly made modifications to it aside from just installing the official images, for quite legitimate reasons. If bought from a trusted source it would be very unlikely that the installation would include malware, possibly even more unlikely than the typical Windows installation, but there is nothing that would make it impossible, and you only need to look at the examples from Lenovo and Dell to see how that might happen.

As for whether you need to worry, you can judge for yourself. Wiping and reinstalling from an official Ubuntu installer might quell some fears, though you will lose any OEM-specific customisation or extra functionality.

I can't answer your question about whether Ubuntu/Canonical try to police any changes to root certificate stores on OEM's derived installations, but I can't see how that would be feasible to do comprehensively enough.

Best Answer

Related Solutions

Ubuntu – Installing a SSL certificate

Ubuntu – Are users of Ubuntu certified computers safe from OEM SSL/TLS tampering

Related Question